IT Security News Blast 7-5-2017

A recent Gartner report indicated that by 2020, at least one major safety incident will be caused by an IT security failure, leading to significant injury. A temporary loss of power from a failed power grid is inconvenient; a loss of control by an automated medical device administering a drug could be dangerous. It is easy to imagine a scenario in which an IT failure has a physical safety outcome. The increasing complexity of connections means that things and infrastructure with different levels of security now interact, and the risk that arises from this will be difficult to predict.

The AA denied that the leaked data contained any sensitive information, but Scott Helme, the cyber-security researcher who discovered the data online, disclosed that an unprotected AA server contained personal and sensitive information on more than 100,000 customers, including names, email addresses, and payment card numbers.

OWL ranked the Fortune 500 companies by their Darknet Index score — calculated by the cybersecurity firm’s algorithm — and also included the firms’ rankings on the Fortune 500 lists. Ranked by DARKINT (darknet intelligence), technology companies lead the list, with Amazon holding the top spot, but with telecommunications firms right alongside it.

“They don’t pay attention to security unless it happens to them,” Maj. Gen. Mark Bartman, adjutant general of the Ohio National Guard, said of cyber victims. In terms of cybersecurity, Bartman’s office is doing for Ohio what the U.S. Department of Defense does for the federal government.

Court documents say Venzor was “volatile” and it took company employees around an hour to get him out of the building after bosses notified him of his firing around 10:30 AM. At 11:30 AM, authorities say that Venzor used a hidden account he created with the name of “elplaser” and shut down the company’s email and application servers. The latter was responsible for managing the company’s customer orders system, along with other critical systems in Lucchese’s production line, warehouse, and distribution center.

Hackers Steal Billions in S.Korean Won by Hacking 4th Largest Bitcoin Exchange

Bithumb, one of the largest Bitcoin and Ether exchange platforms, has been hacked, resulting in a loss of billions of South Korean Won and a number of compromised user accounts. Information such as users’ phone numbers and email addresses has been leaked, reports Bravenewcoin. […] It currently holds a 75.7% share of the entire bitcoin market in South Korea by volume, facilitates the trading of more than 13,000 bitcoins every day, and accounts for 44% of the total ether trade in the country.

U.S. intelligence agencies have turned up the heat in recent days on Kaspersky Lab, the Moscow-based cybersecurity giant long suspected of ties to Russia’s spying apparatus. […] The documents are certifications issued to the company by the Russian Security Service, the spy agency known as the FSB. Unlike the stamped approvals the FSB routinely issues to companies seeking to operate in Russia, Kaspersky’s include an unusual feature: a military intelligence unit number matching that of an FSB program.

Kaspersky’s invitation, made in an interview with the Associated Press, comes amidst mounting U.S.-Russian tensions over alleged election hacking. It also follows years of suspicion that Kaspersky, who attended a KGB-sponsored school and once worked for Russia’s Ministry of Defense, retains personal ties to Russian intelligence.

NATO: Cyber attacks like WannaCry, Petya could invoke Article 5 and trigger a military response

“As important government systems have been targeted, then in case the operation is attributed to a state this could count as a violation of sovereignty. Consequently, this could be an internationally wrongful act, which might give the targeted states several options to respond with countermeasures,” said Tomáš Minárik, Researcher at NATO CCD COE Law Branch.

It was initially thought to be a ransomware attack designed to make money for the hackers behind it. But some security firms now think that it was deliberately designed to destroy data and targeted Ukraine. The head of the country’s national Cyberpolice unit had previously alleged that Intellect Service had ignored repeated warnings that it needed to improve its security in advance of the attack.

An Electronic and Cyber Warfare Doctrine to Contain North Korea’s Provocations

Through a strategic doctrine of electronic and cyber warfare containment, however, it would be possible for certain strategically significant actors to contain North Korea, while other strategically significant actors simultaneously work toward a peaceful resolution to the North Korean issue. A concerted, multipronged, and strategic approach is warranted not only to defuse tensions but also to bring about lasting peace on the Korean Peninsula.

The report mapped out a range of security threats, including Islamist militancy and increased far-right violence, but highlighted the growing incidence of cyber espionage. It cited a “noticeable increase” in spying by Turkey’s MIT foreign intelligence agency in Germany in 2016, following the failed July 15 coup in Turkey, and said Russia was seeking to influence a parliamentary election on Sept. 24.

The good news is that studies have shown that cyberattacks have little effect on long-term corporate value. The share prices typically recover within 12 months. The reason that Yahoo had to write down $500 million is simply that the timing of the cyberattack coincided with the acquisition. Timing can be costly, partly because there are few financial recourses for a breach.

On Tuesday, a massive cyberattack hit Ukraine. The very next day, professor Scott Jasper of the Naval Postgraduate School offered a systematic analysis of the United States’ existing strategic cyber deterrence options, among which active cyber defense will play the leading role in the years ahead. Active cyber defense may be the answer to the ever-increasing cybersecurity threat, as it allows greater maneuverability for the private sector and presents more policy options to deter and defeat nefarious actors.

“Mobile is the new playground for criminals,” says Raj Samani, chief scientist at Intel Security. “When you compare against laptops and desktop computers, the level of coverage with regard to security programs for mobile devices is very, very low. They are like sieves in our pockets.” Many IT managers are unaware of the full extent of their mobile environments, including the number of mobile applications their users employ.

The XX Factor: The Critical Role of Women in Closing the Cybersecurity Skills Gap

While women are getting more traction in the workplace, they still face real challenges, from corporate cultures steeped in an old boys’ club mentality to earning less pay than male colleagues for the same work. But a study by Russia’s National Research University Higher School of Economics Neurolinguistic Laboratory, published in Human Physiology, revealed a critical advantage for women when it comes to multitasking.

An executed warrant document reported that the FBI retrieved 19 different IP addresses in the investigation by using the NIT, likely because the suspect was using a VPN service and the Tor network to mask his IP address. It is not clear whether the NIT was useful in tracking the man. Experts and privacy advocates consider the use of the NIT legitimate in this specific case, since it was a targeted operation that did not affect other individuals, unlike a watering hole attack.

HTTPS Certificate Revocation is broken, and it’s time for some new tools

The problem with a CRL is that it contains every revoked certificate from the CA maintaining it, so it can grow large. Without getting into too much detail, CRLs are broken down by each intermediate certificate a CA has, and the CA can fragment the lists into smaller chunks. […] The other problem is that if the client doesn’t have a fresh copy of the CRL, it has to fetch one during the initial connection to your site—which can make your site look much slower than it actually is.
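As an added example (not code from the original post or from the article it quotes), the following stdlib-only Python models the client-side handling the passage describes: one CRL cached per issuing intermediate, a freshness check against the list's nextUpdate, the fetch that stalls a handshake when no fresh copy exists, the soft-fail versus hard-fail choice when the distribution point cannot be reached, and out-of-band prefetching as the mitigation. The issuer names, serial numbers and seven-day validity are constructed values.

```python
"""Client-side CRL handling modelled in plain Python (stdlib only): one list
per issuing (intermediate) CA, freshness via nextUpdate, and a count of how
often a handshake has to stop and fetch. All data below is constructed."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Iterable, Optional, Set

NOW = datetime(2017, 7, 5, 12, 0, tzinfo=timezone.utc)


@dataclass
class Crl:
    """The parts of a CRL a client needs: issuer, validity window, serials."""
    issuer: str
    this_update: datetime
    next_update: datetime
    revoked_serials: Set[int]

    def is_fresh(self, now: datetime) -> bool:
        return self.this_update <= now < self.next_update


# Constructed revocation data for two hypothetical intermediates of one CA.
REVOKED_BY_ISSUER: Dict[str, Set[int]] = {
    "Example Intermediate CA 1": {0x1001, 0x1002},
    "Example Intermediate CA 2": {0x2001},
}


def fetch_from_distribution_point(issuer: str, now: datetime) -> Optional[Crl]:
    """Stand-in for the HTTP GET of the CRL distribution point. Each fetch
    returns a list stamped at `now` and valid for seven days; an issuer we
    know nothing about behaves like an unreachable distribution point."""
    serials = REVOKED_BY_ISSUER.get(issuer)
    if serials is None:
        return None
    return Crl(issuer, now, now + timedelta(days=7), set(serials))


@dataclass
class RevocationChecker:
    """Caches one CRL per issuer and fetches only when no fresh copy exists."""
    fetch_crl: Callable[[str, datetime], Optional[Crl]]
    hard_fail: bool = False  # True: unknown status aborts the connection
    cache: Dict[str, Crl] = field(default_factory=dict)
    handshake_fetches: int = 0  # fetches that blocked a connection

    def prefetch(self, issuers: Iterable[str], now: datetime) -> None:
        """Refresh lists out of band so the handshake itself never waits."""
        for issuer in issuers:
            crl = self.fetch_crl(issuer, now)
            if crl is not None:
                self.cache[issuer] = crl

    def _get_crl(self, issuer: str, now: datetime) -> Optional[Crl]:
        cached = self.cache.get(issuer)
        if cached is not None and cached.is_fresh(now):
            return cached
        self.handshake_fetches += 1  # this is the stall the post describes
        crl = self.fetch_crl(issuer, now)
        if crl is not None:
            self.cache[issuer] = crl
        return crl

    def status(self, issuer: str, serial: int, now: datetime) -> str:
        """'good', 'revoked', or 'unknown' when no CRL could be obtained."""
        crl = self._get_crl(issuer, now)
        if crl is None:
            return "unknown"
        return "revoked" if serial in crl.revoked_serials else "good"

    def allow_connection(self, issuer: str, serial: int, now: datetime) -> bool:
        verdict = self.status(issuer, serial, now)
        if verdict == "revoked":
            return False
        if verdict == "unknown":
            return not self.hard_fail  # soft-fail lets the connection through
        return True


def demo() -> Dict[str, object]:
    """Cache hits, a second issuer, soft vs hard fail, a stale list that forces
    a refetch, and prefetching. Returns the observations for checking."""
    soft = RevocationChecker(fetch_crl=fetch_from_distribution_point)
    hard = RevocationChecker(fetch_crl=fetch_from_distribution_point, hard_fail=True)
    ca1, ca2 = "Example Intermediate CA 1", "Example Intermediate CA 2"
    out: Dict[str, object] = {}
    out["revoked_serial"] = soft.status(ca1, 0x1001, NOW)             # fetch #1
    out["good_serial"] = soft.status(ca1, 0x1003, NOW)                # cache hit
    out["fetches_after_two_checks"] = soft.handshake_fetches         # 1
    out["second_issuer"] = soft.status(ca2, 0x2001, NOW)              # fetch #2
    out["unreachable_soft"] = soft.allow_connection("No Such CA", 1, NOW)  # True
    out["unreachable_hard"] = hard.allow_connection("No Such CA", 1, NOW)  # False
    later = NOW + timedelta(days=8)                                    # past nextUpdate
    out["stale_refetched"] = soft.status(ca1, 0x1002, later)          # fetch #4
    out["total_handshake_fetches"] = soft.handshake_fetches          # 4
    hard.prefetch([ca1, ca2], later)                                   # off the hot path
    out["hard_after_prefetch"] = hard.status(ca1, 0x1001, later)      # no stall
    out["hard_handshake_fetches"] = hard.handshake_fetches           # 1
    return out
```

The `handshake_fetches` counter is the cost the post is pointing at: every first contact with an issuer, and every contact after the cached list expires, blocks the connection until the list arrives, while the prefetched checker answers the same question from its cache.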

Siemens patched two critical vulnerabilities that affected its industrial products this week. One, tied to a recently disclosed flaw in Active Management Technology – a function of certain Intel processors – could have allowed an attacker to gain system privileges. Another vulnerability could have let an attacker upload and execute arbitrary code. The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned about both vulnerabilities on Thursday.

That careful examination of code used by BlackEnergy in its KillDisk ransomware and in the ExPetr wiper malware yielded only “low confidence” similarities. However, when examined as part of a larger YARA rule, the similarities become very precise, researchers said. […] The research could prove beneficial in determining who the threat actors behind ExPetr, the wiper malware that sabotaged thousands of PCs, are.


About Critical Informatics

We are world-class information security professionals providing Managed Detection and Response services to help you be secure, compliant, and resilient against threats to the life safety, life-sustaining, and quality-of-life systems and services you provide to clients, customers, constituents, and communities.